Optimising IT Security Research via a Low Cost, Instantly Available, Cloud Based Cyber Range

Abstract

Testing the effectiveness of IT security measures for enterprises, companies, and institutions can often incur substantial costs in terms of time and resources. These costs encompass not only the investment in infrastructure for creating a cyber range but also the significant time and effort required to set up and configure the test environment. Similarly, academic researchers investigating IT security may find themselves dedicating as much time to preparing the test environment as they do to conducting the actual experiments. To address these challenges, this paper proposes a blueprint for a cyber range designed to replicate the IT environment of small and medium-sized enterprises (SMEs) while incorporating the security provisions mandated by the Cyber Essentials standard. By leveraging cloud technology, enterprises and researchers can effortlessly create multiple instances of the cyber range in minutes, enabling them to focus on experimentation within a repeatable environment. Implemented within the SkyTap platform, the cyber range utilizes a private network segmented into multiple VLANs and supports various technologies and operating systems. Deployment of the cyber range is streamlined and repeatable, allowing users to initiate the process with a simple click. Additionally, a sharing portal can be generated to provide specific access to ethical hackers or penetration testers for collaborative testing. This blueprint has demonstrated its effectiveness, enabling our research group to establish multiple identical cyber ranges. These ranges were subsequently subjected to rigorous testing by ethical hackers to evaluate the efficacy of the implemented IT security provisions. The insights gained from this experimentation hold significant value for advancing research into the effectiveness of Cyber Essentials.